[Cryptech Tech] Incremental digest outputs

Rob Austein sra at hactrn.net
Sun Nov 16 02:56:04 UTC 2014


Something I intended to mention while I was doing the prototype HAL
for the digest cores: unless I'm missing something, our digest cores
don't support incremental digest results.  That is, we support doing
things like:

  context = SHAxxxInit()
  context.addData(foo)
  result = context.finalize()

and

  context = SHAxxxInit()
  context.addData(foo)
  context.addData(bar)
  result = context.finalize()

but we don't support doing things like:

  context = SHAxxxInit()
  context.addData(foo)
  result1 = context.finalize()
  context.addData(bar)
  result2 = context.finalize()

In case the notation isn't clear: this is just an efficiency hack to
avoid hashing foo twice if one needs to calculate both H(foo) and
H(foo | bar) (and H(foo | bar | baz), et cetera ad nauseam).  As
shown, it's silly, but if foo is a lot of data, the overhead of
hashing it twice might matter.

Not sure how useful this unsupported sequence really is, but I've seen
several software implementations that seem to provide for it in their
APIs.  Never seen it used.

The problem in terms of doing this with our current digest cores is
that one would need to roll the digest core's state back to where it
was before adding the final padding.  If there's an obvious way to do
that, I missed it.  One can of course hack around this in software
(not recommended if you've eaten recently).

Not sure we care.  If we do care, we may want to think about whether
we expect this to be a common operation that we need to support in
Verilog.  I suspect not, but would rather make an explicit decision
not to support this than do so by accident.
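The two API shapes described in the message, as an added illustration that is not part of the original post or of the Cryptech HAL: Python's hashlib stands in for the digest core, and its copy() stands in for saving the core's chaining state and byte count before the final padding block is applied.

```python
"""Finalize-once digest versus incremental digest results.

hashlib is used here purely as a stand-in for a digest core; the class
names and the save-before-padding trick are illustrative assumptions.
"""
import hashlib


class OneShotDigest:
    """Models a core whose finalize() pads the state in place: once the
    padding block has been absorbed, no further data can be added."""

    def __init__(self, algo: str = "sha256") -> None:
        self._h = hashlib.new(algo)
        self._finalized = False

    def add_data(self, data: bytes) -> None:
        if self._finalized:
            raise RuntimeError("state already padded; cannot add more data")
        self._h.update(data)

    def finalize(self) -> bytes:
        self._finalized = True
        return self._h.digest()


class IncrementalDigest(OneShotDigest):
    """Software workaround: pad a snapshot of the state and return that
    result, leaving the live, unpadded state available for more data."""

    def finalize(self) -> bytes:
        return self._h.copy().digest()  # snapshot is padded, not the live state


def prefix_digests(chunks: list[bytes], algo: str = "sha256") -> list[bytes]:
    """Return [H(c0), H(c0|c1), H(c0|c1|c2), ...], absorbing each chunk once."""
    ctx = IncrementalDigest(algo)
    results = []
    for chunk in chunks:
        ctx.add_data(chunk)
        results.append(ctx.finalize())
    return results


if __name__ == "__main__":
    # Constructed sample input matching the foo / bar / baz notation above.
    for d in prefix_digests([b"foo", b"bar", b"baz"]):
        print(d.hex())
```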
